输出日志前，先过滤掉会引起 Log Forging（日志伪造 / CRLF 注入）漏洞的敏感字符：回车、换行以及它们的 URL 编码形式。注意 `String.replace` 不会修改原字符串，必须把返回值赋回变量，否则过滤不会生效。
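/**
 * Strips the characters that enable log forging (CRLF injection) from a value
 * before it is written to a log.
 *
 * The input is NFKC-normalised first so that compatibility look-alikes (e.g. the
 * full-width percent sign U+FF05) collapse to their ASCII form, and only then are
 * the raw CR/LF characters and their percent-encoded spellings removed. The
 * removal is repeated until the string stops changing, because a single pass of
 * {@code replace} can leave a freshly assembled token behind (e.g. "%%0d0d"
 * becomes "%0d" after one pass).
 *
 * Only the sequences listed in the method are handled: other line-separator code
 * points (NEL, U+2028/U+2029), double-encoded forms ("%250a") and other control
 * characters are passed through unchanged. Matches are deleted rather than
 * replaced with a visible marker, so the log loses the evidence that an
 * injection was attempted.
 *
 * @param str the caller-supplied text to sanitise; {@code null} is returned as-is
 * @return the NFKC-normalised text with every listed sequence removed
 */
private String filterLogForging(String str) {
    if (str == null) {
        return null;
    }
    // Raw line breaks plus both cases of their percent-encoded forms.
    String[] sensitiveTokens = {"%0d", "%0D", "%0a", "%0A", "\r", "\n"};
    // Normalise before filtering so that look-alike code points cannot smuggle a token past the list.
    String sanitized = Normalizer.normalize(str, Normalizer.Form.NFKC);
    String previous;
    do {
        previous = sanitized;
        for (String token : sensitiveTokens) {
            // Strings are immutable: the result of replace() must be assigned back,
            // otherwise the filter is a no-op (the original bug in this method).
            sanitized = sanitized.replace(token, "");
        }
        // Every pass that changes the string strictly shortens it, so this loop terminates.
    } while (!sanitized.equals(previous));
    return sanitized;
}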